8.1
CVE-2023-5905
- EPSS 0.22%
- Veröffentlicht 15.01.2024 16:15:12
- Zuletzt bearbeitet 21.11.2024 08:42:44
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginDeMomentSomTres WordPress Export Posts With Images <= 20220825 - Missing Authorization to Blog Data Export
The DeMomentSomTres WordPress Export Posts With Images WordPress plugin through 20220825 does not check authorization of requests to export the blog data, allowing any logged in user, such as subscribers to export the contents of the blog, including restricted and unpublished posts, as well as passwords of protected posts.
Mögliche Gegenmaßnahme
DeMomentSomTres WordPress Export Posts With Images: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
DeMomentSomTres WordPress Export Posts With Images
Version
*-20220825
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Demomentsomtres ≫ Export Posts With Images SwPlatformwordpress Version <= 20220825
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.22% | 0.446 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.1 | 2.8 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
|
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.